Changes between Version 5 and Version 6 of Ticket #39941, comment 31


Timestamp:
03/22/2019 09:14:41 PM (9 months ago)
Author:
jadeddragoon
  • Ticket #39941, comment 31

    v5 v6  
    77> By the way, the proof-of-concept plugin I mentioned in the description of the report is here now as I changed my github username: https://gist.github.com/mallorydxw/e2aee45ad5cb2a309c6bd0fc213efb97
    88
    9 This is even worse! Now they don't even have to find templated js that explicitly requests a nonce nor request one themselves... now even existing WordPress XSS exploits can take advantage of it and future exploits don't have to ask for the nonce specifically.
     9This would be even worse! With this they don't even have to find templated js that explicitly requests a nonce nor request one themselves... even existing WordPress XSS exploits can take advantage and future exploits don't have to ask for the nonce specifically.